Win2012 wants Secure Boot - damn? (https://www.linuxquestions.org/questions/general-10/win2012-wants-secure-boot-damn-4175537383/)

gEEk_X99 03-25-2015 01:16 PM

If OEMs are going to lock us into a Windows operating system, it's better to build the desktop from scratch.

It's a good thing I have experience in building computers. I bought a Gigabyte motherboard last year and once I built the system, I went to the BIOS settings and chose to use legacy mode over UEFI. No need to worry about secure boot and stupid keys.

273 03-25-2015 01:57 PM

Quote:

Originally Posted by gEEk_X99 (Post 5337505)
If OEMs are going to lock us into a Windows operating system, it's better to build the desktop from scratch.

It's a good thing I have experience in building computers. I bought a Gigabyte motherboard last year and once I built the system, I went to the BIOS settings and chose to use legacy mode over UEFI. No need to worry about secure boot and stupid keys.

For desktops I'm not sure I would do anything but build my own -- even if I wanted to run Windows. However, it is laptops which are the problem and, really, always have been with Linux anyhow since they can't be home built in the same way.
Then there are the people who want to try Linux but can't.
I think, as I mentioned, that for people like most of us posting in this thread this will just mean another thing to look out for when buying computers. The real problem is people who knew no better when buying which could mean fewer people trying Linux.

TobiSGD 03-25-2015 02:19 PM

Quote:

Originally Posted by gEEk_X99 (Post 5337505)
I went to the BIOS settings and chose to use legacy mode over UEFI. No need to worry about secure boot and stupid keys.

Just to avoid any misconceptions, UEFI and Secure Boot are not the same and you can use UEFI without Secure Boot just fine.

gEEk_X99 03-25-2015 02:25 PM

@ 273

With a custom built computer you can choose the BIOS mode, I know because I did and Linux installed just fine.

However, I don't know for sure if desktops already built and with a Windows OS is going to be easy to change the BIOS settings. Like you said, the consumer will have to do their research before buying a computer in the next coming years.

But to be honest, I think this mandatory option to disable secure boot is going to be fought by the Linux community for years. It's not right to lock users to using one operating system.

Some may say, to use Linux as a guest OS in a Windows host machine. But it's not the same performance wise. Linux runs better using your real hardware.

Quote:

Originally Posted by TobiSGD (Post 5337526)
Just to avoid any misconceptions, UEFI and Secure Boot are not the same and you can use UEFI without Secure Boot just fine.

Thanks TobiSGD for the correction. I thought if UEFI is enabled in the BIOS, the secure boot will show up as an option.

maples 03-25-2015 08:25 PM

Quote:

Originally Posted by gEEk_X99 (Post 5337529)
Thanks TobiSGD for the correction. I thought if UEFI is enabled in the BIOS, the secure boot will show up as an option.

Secure Boot can only be used if your system is in UEFI mode. You can use UEFI without Secure Boot, but you can't use Secure Boot without UEFI.
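The three states described in the post above (legacy BIOS, UEFI without Secure Boot, UEFI with Secure Boot) can be told apart on a running Linux system from sysfs. The following is an added example, not part of the original thread; the function names `efi_flag` and `boot_state` and the result strings are made up for illustration, and the optional argument is an alternate sysfs root so the logic can be tested offline.

```shell
#!/bin/sh
# Added example: classify the firmware boot state from sysfs.

# GUID of the EFI global variable namespace (from the UEFI specification).
EFI_GLOBAL=8be4df61-93ca-11d2-aa0d-00e098032b8c

# efivarfs files hold 4 bytes of attributes followed by the variable data;
# for SecureBoot and SetupMode the data is a single byte (0 or 1).
efi_flag() {
    # $1 = sysfs root, $2 = variable name; prints the data byte as decimal
    f="$1/firmware/efi/efivars/$2-$EFI_GLOBAL"
    [ -r "$f" ] || return 1
    od -An -tu1 -j4 -N1 "$f" | tr -d ' \n'
}

boot_state() {
    root="${1:-/sys}"
    # No firmware/efi directory: the kernel was started via legacy BIOS/CSM,
    # so Secure Boot cannot be in effect.
    if [ ! -d "$root/firmware/efi" ]; then
        echo "legacy-bios"
        return 0
    fi
    sb=$(efi_flag "$root" SecureBoot) || sb=""
    setup=$(efi_flag "$root" SetupMode) || setup=""
    if [ "$sb" = "1" ]; then
        echo "uefi-secure-boot-on"
    elif [ "$setup" = "1" ]; then
        # Setup mode: no platform key enrolled, signatures are not enforced.
        echo "uefi-setup-mode"
    elif [ "$sb" = "0" ]; then
        echo "uefi-secure-boot-off"
    else
        # UEFI boot, but efivarfs is not mounted or the variable is absent.
        echo "uefi-secure-boot-unknown"
    fi
}
```

Call `boot_state` with no argument to inspect the running system; the argument exists only so the logic can be exercised against a constructed directory tree.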

manu-tm 03-26-2015 04:29 AM

This 'secure boot' thing is an utter lie. If the end result is that you can only boot windows, then it should be called 'absolutely-not-secure boot'. And this is not a joke.

TobiSGD 03-26-2015 05:59 AM

Quote:

Originally Posted by manu-tm (Post 5337777)
This 'secure boot' thing is an utter lie. If the end result is that you can only boot windows, then it should be called 'absolutely-not-secure boot'. And this is not a joke.

As was stated previously in this thread already, whether your distribution supports Secure Boot is up to your distribution. There is no reason at all that Linux wouldn't be able to run on systems with Secure Boot enabled.

manu-tm 03-26-2015 06:53 AM

Yes, but I don't see why MS should be involved ever in the process of installing *any* OS on your machine. Because even if the keys come from Verisign, it was MS who initiated the whole thing.

I'm getting more and more tired of all their relentless marketing bullshit and the huge conflict of interest they're in. They may well be extremely commercially successful, when it comes to security, they're the most inept company ever. By OS design and by numbers. Because they don't care that much about secure computing, what they *do* really care about are f###ing *sales*.

TobiSGD 03-26-2015 07:20 AM

Quote:

Originally Posted by manu-tm (Post 5337842)
Yes, but I don't see why MS should be involved ever in the process of installing *any* OS on your machine. Because even if the keys come from Verisign, it was MS who initiated the whole thing.

So if it would come from Red Hat or IBM you wouldn't have a problem with it? I can't say that I understand where the difference is when key management is done by an independent entity.

Quote:

I'm getting more and more tired of all their relentless marketing bullshit and the huge conflict of interest they're in. They may well be extremely commercially successful, when it comes to security, they're the most inept company ever. By OS design and by numbers. Because they don't care that much about secure computing, what they *do* really care about are f###ing *sales*.

Actually, the security features in Windows are superior to what most Linux distros deliver by default, only that they are mostly disabled in the consumer versions by default. So again, I fail to see a difference in Windows in its default state (enhanced security features, but disabled in consumer versions) and Linux distros that have security features like SELinux and AppArmor at hand, but don't see the need to implement them.

manu-tm 03-26-2015 10:52 AM

Quote:

Originally Posted by TobiSGD (Post 5337850)
So if it would come from Red Hat or IBM you wouldn't have a problem with it? I can't say that I understand where the difference is when key management is done by an independent entity.

I was just saying that the whole secure boot idea comes from MS, and I can't help finding this rather suspicious.

Quote:

Originally Posted by TobiSGD (Post 5337850)
Actually, the security features in Windows are superior to what most Linux distros deliver by default, only that they are mostly disabled in the consumer versions by default. So again, I fail to see a difference in Windows in its default state (enhanced security features, but disabled in consumer versions) and Linux distros that have security features like SELinux and AppArmor at hand, but don't see the need to implement them.

What is the point of having security features mostly disabled by default for the average user, the same user who has no idea of how to strengthen his machine security, or why he should do that? Do you think this is what a truly security-focused company should be doing? And what is the proportion of average vs tech savvy Windows users?

Edit: TobiSGD, I appreciate your impartiality, and I agree you can possibly re-configure a Windows machine to be more secure. But I just dislike MS attitude. Sales are their number one priority. But security, beyond all they pretend, who cares?

smeezekitty 03-26-2015 12:16 PM

Quote:

Originally Posted by Head_on_a_Stick (Post 5335685)
Apart from Ubuntu, Fedora & OpenSUSE live CDs all of which will boot and install a working system with Secure Boot enabled...

That's quite limiting. TBH Ubuntu sucks now. And I'm still not convinced that they will try to take away the ability for third party signers to boot.

TobiSGD 03-26-2015 01:13 PM

Quote:

Originally Posted by manu-tm (Post 5337935)
I was just saying that the whole secure boot idea comes from MS, and I can't help finding this rather suspicious.

Fair enough, but seeing that Windows systems on the desktop are one of the most targeted, I don't really find it surprising that they at least try to come up with solutions to those problems.

Quote:

What is the point of having security features mostly disabled by default for the average user, the same user who has no idea of how to strengthen his machine security, or why he should do that? Do you think this is what a truly security-focused company should be doing? And what is the proportion of average vs tech savvy Windows users?

The point is that support costs and bad reviews would increase dramatically when the average user suddenly is limited by his own system and has to learn security before being able to use them. I guess that is also the reason why most of the distros that aim at the average user (Ubuntu, Mint, ...) also don't implement advanced security features. I totally agree with you that this is not a good thing per se, but I can see where they (both Microsoft and the distro maintainers) are coming from.

Quote:

Edit: TobiSGD, I appreciate your impartiality, and I agree you can possibly re-configure a Windows machine to be more secure. But I just dislike MS attitude. Sales are their number one priority. But security, beyond all they pretend, who cares?

Of course sales are their number one priority, after all Microsoft is not a non-profit organization, they are a commercial company and their leaders, like in most large companies, have to please their shareholders.

273 03-26-2015 01:20 PM

Quote:

Originally Posted by manu-tm (Post 5337935)
I was just saying that the whole secure boot idea comes from MS, and I can't help finding this rather suspicious.

It doesn't though, as I mentioned in previous posts. Having a signed bootloader and keys on the device is nothing new -- it's just they haven't really been on general-purpose computers up until recently. I completely agree that M$ will use anything to gain market share but I don't agree that that is the primary reason for this. The likes of "secure boot" have been a long time coming to mainstream personal computers.
Just as an aside, also, it's not just Microsoft who don't apply full security to default installs -- lots of Linux distros do all sorts of things which are considered bad practice on default installs. Heck, Canonical have been known to capture root equivalent passwords in plaintext during the install...

smeezekitty 03-26-2015 01:52 PM

Quote:

lots of Linux distros do all sorts of things which are considered bad practice on default installs.

I'll take a reasonable amount of convenience of security any day. The average computer user just doesn't need the same level as a business and government security.

273 03-26-2015 02:01 PM

Quote:

Originally Posted by smeezekitty (Post 5338016)
I'll take a reasonable amount of convenience of security any day. The average computer user just doesn't need the same level as a business and government security.

I am the same, I agree. I was only posting regarding the suggestion that M$ were somehow alone in doing it.

manu-tm 03-27-2015 06:31 AM

Quote:

Originally Posted by TobiSGD (Post 5338000)
Of course sales are their number one priority, after all Microsoft is not a non-profit organization, they are a commercial company and their leaders, like in most large companies, have to please their shareholders.

Yeah, and that's why it's totally impossible to trust their official corporate blah blah.

TobiSGD 03-27-2015 07:19 AM

Quote:

Originally Posted by manu-tm (Post 5338341)
Yeah, and that's why it's totally impossible to trust their official corporate blah blah.

True, but Microsoft isn't the problem here. A problem only occurs when an OEM decides to leave out the option to disable Secure Boot.

smeezekitty 03-27-2015 10:31 AM

Quote:

Originally Posted by TobiSGD (Post 5338368)
True, but Microsoft isn't the problem here. A problem only occurs when an OEM decides to leave out the option to disable Secure Boot.

Once they are allowed to, they will. MS knows this.

TobiSGD 03-27-2015 11:01 AM

Quote:

Originally Posted by smeezekitty (Post 5338464)
Once they are allowed to, they will. MS knows this.

They were allowed all the time. Nothing at all was preventing them from not offering this option, they only needed to implement it if they wanted to participate in the Windows 8 Logo program. Participating in this program is not necessary, even when you want to deliver machines with Windows 8 pre-installed, and there are many OEMs that didn't participate.

Gerard.M.Frey 03-27-2015 09:32 PM

Alternatives to using Linux if vendors lock Linux users out:
  • System76
  • ZaReason
  • Raspberry Pis
  • Odroid-C1

The last two are not very powerful options, but it's better than nothing.

Head_on_a_Stick 03-27-2015 09:48 PM

There is also the Libreboot option from Gluglug:
http://shop.gluglug.org.uk/product/l...ation-service/

At the moment this is only for a limited range of (non-EFI) Thinkpads but hopefully they can expand this in the future.

Gerard.M.Frey 03-27-2015 11:44 PM

Quote:

Originally Posted by Head_on_a_Stick (Post 5338774)
There is also the Libreboot option from Gluglug:
http://shop.gluglug.org.uk/product/l...ation-service/

At the moment this is only for a limited range of (non-EFI) Thinkpads but hopefully they can expand this in the future.

Good to know...thx

smeezekitty 03-27-2015 11:57 PM

Quote:

Originally Posted by Head_on_a_Stick (Post 5338774)
There is also the Libreboot option from Gluglug:
http://shop.gluglug.org.uk/product/l...ation-service/

At the moment this is only for a limited range of (non-EFI) Thinkpads but hopefully they can expand this in the future.

Nice concept but only a limited model range and EU only.

brianL 03-28-2015 08:21 AM

If you've got the skills (which I believe smeezekitty has), you can install Libreboot yourself. Limited options, yes - but I bought a refurbished X200 off an eBay dealer for £83 and it's running Slackware64 14.1 perfectly.

http://libreboot.org/docs/install/index.html

273 03-28-2015 08:30 AM

It will be interesting to see whether any OEMs decide to prevent the disabling of "secure boot" and, if they do, why. I can't see it being cheaper to do so as UEFI and BIOS are surely just third-party standard software so removing routines may even cost more?
I do worry that M$ may revert to their previous style of business though and pay OEMs to lock down "secure boot" via some kind of "loyalty discount" or other plausibly deniable means. Hopefully though they've learned from their previous criminal conduct that they will have some kind of sanctions imposed for that kind of behaviour even if they are relatively mild.
